<?php

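session_start();

include('../sql/sql.php');
include('definicje.php');

/*
 * Password-change handler for the logged-in user.
 *
 * Expects POST fields 'stare' (current password) and 'haslo' (new password).
 * The stored hash is compared with the hash of 'stare'; only on a match is
 * the 'haslo' column of table 'uzytkownicy' updated for the session's user id.
 * Every outcome ends in a redirect, and the script stops right after each one.
 *
 * NOTE(review): passwords are stored as md5(md5(password)), an unsalted fast
 * hash. Moving to password_hash()/password_verify() has to be coordinated with
 * the login code, which is not visible here, so the format is left unchanged.
 * NOTE(review): no anti-CSRF token is checked in this file; confirm whether
 * one is enforced elsewhere.
 */

// Both the role marker and the user id must be present in the session.
if (!isset($_SESSION['typUzytkownika'], $_SESSION['idUzytkownika'])) {
	header('Location: ../?a=dane&errno=401&34');
	exit;
}

// Both fields are required and must be plain strings (an array such as
// stare[]=x would otherwise reach md5()).
if (!isset($_POST['stare'], $_POST['haslo'])
	|| !is_string($_POST['stare'])
	|| !is_string($_POST['haslo'])
) {
	header('Location: ../?a=dane&errno=211');
	exit;
}

// Presumably an integer primary key; bound as 'i' rather than as a double.
$idUzytkownika = (int) $_SESSION['idUzytkownika'];

$mysqli = new mysqli($MySQLSerwer, $MySQLUzytkownik, $MySQLHaslo, $MySQLBaza);
if ($mysqli->connect_errno) {
	header('Location: ../?a=dane&errno=211');
	exit;
}

// Fetch the currently stored hash for this user.
$stmt = $mysqli->prepare("SELECT haslo FROM uzytkownicy WHERE id_uzytkownika=?");
if ($stmt === false) {
	header('Location: ../?a=dane&errno=211');
	exit;
}
$stmt->bind_param('i', $idUzytkownika);
$stmt->execute();
$stmt->bind_result($stareHaslo);
$znaleziono = $stmt->fetch();
$stmt->close();

// hash_equals() gives a strict, constant-time comparison; a loose != would
// treat two different "0e..."-style hex digests as equal numbers.
$podaneStare = md5(md5($_POST['stare']));
if ($znaleziono !== true || !hash_equals((string) $stareHaslo, $podaneStare)) {
	header('Location: ../?errno=211');
	// Stop here: without exit the UPDATE below would still run and the
	// password would change without knowledge of the current one.
	exit;
}

// bind_param() takes its arguments by reference, so the new hash needs a variable.
$noweHaslo = md5(md5($_POST['haslo']));

$stmt = $mysqli->prepare("UPDATE uzytkownicy SET haslo=? WHERE id_uzytkownika=?");
if ($stmt === false) {
	header('Location: ../?a=dane&errno=211');
	exit;
}
$stmt->bind_param('si', $noweHaslo, $idUzytkownika);
$zapisano = $stmt->execute();
$stmt->close();
$mysqli->close();

// Report success only when the UPDATE statement actually executed.
if (!$zapisano) {
	header('Location: ../?a=dane&errno=211');
	exit;
}

header('Location: ../?a=dane&infno=211');
exit;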

?>